Newsvine Fraud News

Ransomware cyber attacks are growing and they can happen to anyone, anywhere. The attacks can be on a personal computer or even take down an entire network at a hospital. Organizations posing as law enforcement, government agencies, banks, and credit card companies are using deceptive links and websites to install malware, which encrypts all of your files, essentially holding them for ransom, and demands payment to restore them.

But this doesn’t have to happen to you. There are several very simple steps which can help safeguard you from attacks.

Anti-virus software - Every personal computer should have it. There are a lot of commercial anti-virus software programs to choose from, and they are worth the investment. Once you have the software, make sure that it’s installed correctly with the most up-to-date version, that it’s always on, and that you have it set to alert you when there are updates to install.

If your computer does become infected and you don’t have an anti-virus program set up, you can install one to “clean” your computer, but you may need additional assistance to help restore your hard drive.

Anti-virus programs are equally, if not more, important for businesses – but because most businesses have software on their computers which prohibits users from downloading software, it’s up to the company’s IT department to keep their users protected. Most business updates need to be done via a server to all their users’ computers and devices; this includes not only anti-virus software, but operating systems and third-party applications. Businesses should conduct security training for their users on what is and isn’t acceptable on company devices, including mobile ones. In addition, there should be computer usage, security, and security awareness policies in place.

Corporate IT departments need to routinely conduct risk assessments, as well as alert users of any new viruses or bogus and fraudulent emails that may be circulating.

Back up Everything, Frequently – It is essential that you are backing up your files on a regular basis. If you are hit with ransomware or any other type of virus and your computer and its files can’t be saved, you will have your backups to do a system restore or rebuild.

Consider The Cloud – Rather than keeping all of your files on a hard drive or server, consider moving bigger, more important files to the cloud. Cloud storage will allow you to access your files remotely without the risk of them being infected by ransomware if your computer or server is hit.

Keep Everything Up-To-Date – It’s not just your anti-virus software that you need to keep updated. You should also keep your operating system and all of your programs updated with the latest versions. By keeping them updated you’ll be on top of any issues that may arise, as well as alerted to security warnings from the software manufacturers.

Avoid Suspicious Sites and Emails – If you are unsure of the sender, or an email comes with an attachment you aren’t expecting, delete it. Opening a suspicious email or clicking on a suspicious site could launch ransomware onto your computer.

It’s important that you make sure that all of your family, co-workers and employees know the risks of ransomware and how to protect themselves and that they should never pay the ransom. Not only is it feeding into criminal activity, but there is no guarantee you’ll get the encryption code promised to get full functionality back to your computer.

Reputational risks are caused by many intended and unintended events, for example: a cyberattack on a retailer’s credit card data, manipulating markets or making trades based on insider data, employing under-aged workers overseas for a “US-based” company, or accidentally serving contaminated or expired food at a restaurant.

Whether the event is intended or unintended, the responsibility ultimately belongs to the company’s CEO and their management team. Why? Because it directly impacts revenue and the company’s brand.

One of the major reputational risks today is systems interruptions and cybersecurity. Any interruption to services, whether from a cyber attack, system-wide outage, human error, or security breach, is a business disruption that reaches from the C-suite executives all the way down to their clients, and can cost extremely valuable time and money to repair, not to mention the damage to your reputation.

Some things are out of your control and customers will understand that; for example, a storm knocking out power and shutting down your systems. They won’t, however, be as understanding if you weren’t proactive in safeguarding your company. So how do you stay ahead of the problems?

If a third party is hosting your data or is the hub of your operation, you still need to remain in control. When their systems go down or are breached, your clients are coming to you with their complaints, because ultimately you are responsible. One way to be proactive with a third-party vendor is to have them comply with your own internal requirements.

Make sure you have a tested disaster/incident recovery plan in place. Disaster/incident recovery planning is a huge undertaking and touches every part of your organization, but having a plan and testing it will help you face any challenges down the road.

When something goes wrong you will need the entire company on board, not just the IT team who’s going to work around the clock to remedy the situation. Your top management teams, PR professionals, customer support, and even your marketing staff need to be involved, and know what the company response is, and how it’s being communicated.

Be proactive. Invest in data analytics that will enable you to analyze real-time data, such as pattern detection and recognition. Keep on top of social media using text analysis that will pinpoint conversations about your company. Social media combined with big data analysis will help you get ahead of the crisis and lessen the impact. This combination could be the most important and impactful decision you make, better than business liability insurance!

Learn from mistakes. Hopefully you are not the target of a company-wide disruption, be it human error or cyber attack, but chances are some company, somewhere around the world, is being hit right now. Most won’t make the front page news of the Wall Street Journal, but you need to be ready to respond to incidents whether they are the result of cyber security attacks, third-party partner action or employees’ mistakes. Loss of reputation is beyond repair if not properly and systematically addressed.

Make sure that you know what your business risks are and that you are up to date with managing them all the time. Managing your business risks is not a one-time event. Each component that contributes to the risks must be monitored in real time. There are multiple tools and technologies that will facilitate managing and monitoring both your business and operational risks.

In the end it’s your company name, your reputation, and your responsibility to ensure the integrity of your brand.

February 29, 2016

With just one click your files, credit cards, medical records and other personal information could be hacked with ransomware malware. Earlier this month, a cyberattack on Hollywood Presbyterian Medical Center took the hospital’s medical records hostage, demanding ransom in the form of Bitcoins.

Bitcoin is a virtual currency. Transactions are made anonymously without bank involvement. Since Bitcoins aren’t tied to any country or subject to any regulations, international payments are easy and cheap. Every user has a Wallet ID, but the names of the buyers and sellers are never revealed. This level of anonymity provides the perfect breeding ground for transactions such as ransomware.

It would be nice if there was a list of things to look for to help prevent these attacks, but ransomware is evolving. Hackers are finding new ways to completely lock your computer systems, block access to all of your files and encrypt them. Emails that look like they are coming from utility companies, credit card companies, and even banks contain files that, once clicked, will take over your system.

While Hollywood Presbyterian Medical Center chose to pay the ransom via Bitcoin, citing the need to get back patient medical records and get the hospital back up and running as soon as possible, paying ransom isn’t the way to go.

First, even if you pay whatever is being asked there is no guarantee you’ll get the encryption code to access your files, and since nearly all of these ransom requests are made through anonymous payment methods – like Bitcoin – there’s no tracing where the money went, therefore no way to go after the attacker.

Second, if you pay the ransom the hackers may see you as an easy target and come back for more.

Third, by paying ransom you are feeding into the criminality of the entire operation. Providing money to these hackers will allow them to up their game with new malware and build out the ransomware malware network.

If anything looks suspicious in your email, don’t click it, and if you think you’ve been infected by malware, shut down your computer and disconnect it from any server in order to minimize the risk of infecting the entire network.

There are five fundamental things you should always remember to do when working on your computer while connected to the Internet:

Count to ten and think before you click: Do not click on any URL embedded in an email, even from someone you know, unless you confirm that email came from the sender.

Update everything: Keep your operating system updated; otherwise you might be dismissing an important security update.

Back up your files: If you fail to do anything else, this is the most important task you must do on a daily basis. There are many external trusted sites you can use to back up your computer.

Secure your wireless network: Make sure you use a strong password when setting up your Wi-Fi router.

Use a strong password: Avoid using your cat and dog names. Instead include at least one number, a capital letter, symbols such as # or $, and make sure your password is at least six characters.

January 22, 2016

Cloud-based solutions are no longer the wave of the future; they are a necessary driver for most Enterprise businesses. The “cloud”, which is really just a very large, remotely-connected server to store and access data, isn’t a new phenomenon, but there are still the same old concerns about how secure data really is out there in Cyber Space.

The truth is you can control the safety of your data. Your overall cloud strategy and your use of the technology play a large part in the security process. It can range from choosing what you put on the cloud; to different models of service delivery like IaaS, PaaS, or SaaS; to what cloud-based server you use.

There are some very big, well-known companies with pretty good track records, like Rackspace, Microsoft, Amazon, and Google, that have teams of people working around the clock on security and monitoring and can immediately identify, assess and remedy potential risks or threats. That’s something that most locally housed IT infrastructures can’t match. By storing data in the cloud, businesses free up local IT infrastructure and are able to cut costs, but as with any investment you must weigh the risk versus the reward.

So what are some of the things you need to consider before putting certain information in the cloud?

Data Breach: One of the major concerns when using the cloud is a data breach. The cloud presents greater challenges since you’re dealing with hypervisors and other external shared networked infrastructure. Data breaches can release personal information such as a person’s social security number or access to their credit or debit cards. Over the past couple of years, companies such as Target, Experian and Anthem BlueCross Blue Shield have been hit with major data breaches exposing personal information of millions of customers.

Data Loss and Recovery: While the data breach is considered a malicious or intrusive action, a data loss may be a result of server or storage malfunction. If your provider goes off-line and your data is lost, can it be recovered? Data sent to the cloud is encrypted as one of the many steps to ensure privacy. The downside is that encrypted data is harder to recover, especially if the encryption key is lost too.

Data Access: What information are you putting out there and who is going to have access to it? Sensitive, classified, or confidential information may not warrant storage on the cloud. You want to be able to monitor who has access to your data and their activities. Are these people authorized to access the data? If not, they need to be shut out of the network. You may also want to limit access to certain levels of individuals to mitigate any potential misuse of your data.

Data Availability: Storing data externally means you don’t have complete control of it anymore. Your cloud storage could go offline and someone else is now responsible for getting it back up. You want to make sure that whatever provider you choose has a proven record of highly available data and a quick turnaround for getting the system back on-line should it go down. All this needs to be spelled out in a Service Level Agreement (SLA).

Cloud-based solutions offer benefits for companies large and small, local and worldwide. What works best for a large company may not for a smaller one, but there are many options available that can make storing, sharing and accessing data more efficient and cost-effective no matter what business you are in.

April 22, 2013

Mobility is the trend
of the new generation. Increased access to tablets, smartphones, robust data
networks and even Wi-Fi everywhere has extended the capabilities of the
professional in the field. When the BlackBerry first emerged on the market, the
enterprise acquired, provisioned and controlled the mobile device for the
workforce, enabling access to key applications and information, while also
monitoring activity.

The demand for increased mobility has spurred a new phenomenon – BYOD. Employees
are opting for the Bring Your Own Device to work strategy, balancing personal
and professional conversations and information on the same device. The
BlackBerry is no longer the smartphone of choice as the iPhone and Android
dominate the market. BYOD has proven to be an effective strategy with the right
policy in place, but how can it truly support the initiatives of the
enterprise?

There are a few realities that accompany the adoption of BYOD:

Employees select the brand and type of device – while employees enjoy the freedom of selecting their own preferred brand and operating system, enterprise IT recognizes the different challenges of working in varied environments. It may be more effective for the corporate policy to allow BYOD to only include selected, approved brands, models and operating systems.

Employees control the level of personal information contained on the device – this is an important point if there is no separation between personal and corporate information. For example, if baby pictures are mixed with corporate or customers’ proprietary information, that’s a problem. Employees should be allowed to load their own information on their own device, but it’s up to IT to provide the technology and information to keep personal and professional information separated on the device with the application of mobile applications.

Employees access websites, applications and file sharing services not normally permitted by the enterprise – this is a critical threat for any network. Users may be accessing a vulnerable hotspot, uploading information to a file share site lacking the appropriate protections or downloading applications with malicious software. The enterprise BYOD policy should include guidelines on acceptable practices, and mobile device management applications can be installed that prevent risky activities. The key to the successful application is to inform employees as to these rules and the consequences if those rules were to be broken.

Employees may allow other people to use their device – this reality is difficult to address from the corporate side. Employees may be educated on the risks involved with allowing other users to access their device, but complete control in this area is difficult. Monitoring and management applications can help control what the individual may do while using the device, however, which is an important step towards protection.

Employees may not demonstrate diligence in keeping track of their device – regardless of how much the employee uses his or her mobile device, it can still be lost or stolen. If that happens, the finder will have access to a wide range of network applications, proprietary information, authentication information and so much more. This is where keeping personal and private information separate is crucial, as IT management can remotely wipe the device clean of any information that puts the enterprise at risk. Likewise, the employee can opt to wipe everything if the loss of personal information would also put them at risk.

While this list just scratches the surface in terms of the realities that can affect BYOD and the enterprise, these are important points to ensure success in this new environment. Any corporation can resist the trend and instead purchase mobile devices for all employees, but that may not always be the optimal choice. By understanding the realities that exist in a BYOD environment, the enterprise is more likely to benefit.

February 21, 2013

The use of mobile
devices among the global workforce is not a new concept, but the introduction
of user ownership is a trend that has just gained momentum in the last few
years. Professionals in a wide range of industries are relying on their own
mobile devices to support the balance between work and home, introducing a
whole new set of risks for the corporate network when the proper policies and
controls are not in place.

While BYOD (Bring Your Own Device) offers plenty of benefits for the enterprise
and the employee, a strategic approach is necessary to mitigate the risks
associated with users accessing the network and supported applications from
outside of the corporate firewall. Let’s take a look at some of the threats
that exist with BYOD and what you need to do to protect your network, your
users and your proprietary information.

Lacking a Robust Policy – Now that
users are accustomed to relying on their own devices to access the network and
their personal email, they also need to know what is acceptable use, who has
access to their device(s), and what will happen if the device or the
information contained within the device is compromised. An effective policy
outlines expectations and outcomes, while also providing for the proper sharing
of information so all employees are informed.

Weak Authentication Methods – It’s a
given that employees will need unique user names and passwords to access the
corporate network, but it’s also a given that such information is easily
captured by hackers. It’s critical that IT management implements and enforces
strong authentication methods and limits access to applications. Strong
authentication methods demand constant monitoring and regular updates to ensure
any breach is immediately identified and mitigated.

No Visibility or Control over Devices –
Employees often prefer BYOD as a concept as it suggests they have complete
control over their mobile device. While the physical control may remain, IT
management establishes its own control over the device with mobile device
management or other applications that provide remote access and complete
visibility. Access to such technology ensures IT always knows what devices are
accessing the network and can immediately locate, lock and wipe clean any
compromised or lost device.

Applications – While a number of
applications exist to promote the activities of the professional in the field,
a larger number exist to waste time or access proprietary information with
malicious intent. Any applications downloaded by the user without IT approval
are a risk to the corporate network. The simple scan of a QR code could quickly
launch malware on the device, with reach into any network to which it is
connected. The corporate policy must define what constitutes an approved
application and how to avoid downloading malicious software.

While this list
merely scratches the surface of the threats that exist with BYOD, it still
provides clear insight into what you need to consider within your own
environment. Whether yours is a large enterprise, small- to medium-sized
business or sole proprietorship, any mobile device used to access your network,
server or other IT assets presents a threat to your operation. Before allowing
BYOD to flourish, put the right strategy in place to support only the safe use
of all mobile devices.

April 17, 2009

Spanish authorities have arrested twenty people suspected of having
facilitated an international money laundering operation through the
sale of drugs. The investigation was initially launched in May 2008,
when Police became suspicious over several substantial transfers of
money to Colombia. Police reports suggest that the group was
responsible for transferring in excess of 3 million euros during 2007
and 2008, which was sent from Spain to bank accounts in China, Panama,
Venezuela and the United States and was eventually collated at a fake
dentistry foundation in Colombia. The Police statement went on to say
that the suspected ringleader of the Colombian network was detained by
US police in Miami, whilst the remaining suspects were detained by
Spanish police in raids carried out across Spain. At the same time, the
Police confiscated 5 vehicles; 32 mobile telephones; a quantity of
cocaine; 6 fake passports and other documentation.

September 28, 2008

Many companies embark on their risk management strategies
from a single perspective, and do little more than put automated tools in place
that will monitor activities for patterns and trends, and alert appropriate
personnel when an abnormal or out of the ordinary event occurs.

However, risk management is not nearly that simple. Related strategies are complex and multi-faceted. Even the slightest oversight can put sensitive or confidential data in jeopardy – and result in stiff monetary penalties or negative impact to the company’s image and reputation. So, in order to ensure optimum security of their IT infrastructure, organizations must make their risk management initiatives as comprehensive as possible.

A truly complete risk management strategy must include the
following steps:

Risk assessment. Identify all probable threats, and
prioritize them based on their likelihood and their potential impact.

Asset audit. Build a list of all information assets, including databases, applications, files, and other sources that contain data that may be subject to breach. Carefully evaluate each, and assess their vulnerability to an attack.

Process definition. Create and document the procedures for the ongoing monitoring and analysis of all software, hardware, and virtual information assets. These defined activities must be readily accessible to and clearly understandable by all key stakeholders. They must also be strictly enforced, with specific penalties outlined for those who put information at risk by failing to adhere to written guidelines.

Tool selection. Determine what types of technology solutions may be needed, and evaluate and select a suite of automated tools to assist in the monitoring and alerting process.

Incident response. Define step-by-step workflows for responding to and investigating (when needed) a potential breach. This must not only include a list of all required tasks and activities, but rigid timelines for executing them.

Assignment of resources. Determine who will be responsible for the various aspects of risk management, and clearly highlight the roles and responsibilities of each key stakeholder. Be sure to define a chain of command, as well as a contingency or succession plan to minimize disruption to risk management when assigned resources are unavailable, or when they leave the company.

The last, and perhaps most important, step is ongoing enhancement. Continuously test and evaluate the various components of the strategy, including tools and technologies being utilized, and make refinements as needed. This is particularly important after the detection of a breach event, when a post-response de-brief can help facilitate the creation of best practices (for those processes that proved to be effective) and result in lessons learned (for those procedures that did not work).

Risk management has become a key priority for many companies. Yet, few really understand what a comprehensive risk management strategy entails, or how to effectively implement one across their entire enterprise.

That’s why many businesses are turning to the National Institute of Standards and Technology (NIST) for guidance. NIST has designed a methodology for implementing comprehensive and consistent risk management guidelines and processes throughout the federal government. The goal is to maximize protection of classified information contained within IT systems and services by ensuring that common tools, solutions, and procedures are deployed and utilized among all agencies. At the same time, the NIST methodology strives to create a secure technology environment, without hindering the needed information sharing between federal, state, and local offices.

Because it is so comprehensive, corporations are seeking to leverage this framework for their own risk management purposes. For example, the NIST approach has already taken into consideration all the factors that have put information systems at greater risk than ever before, including:

The growing complexity of IT architectures

The increased sophistication of cyber criminals

The rising number of “virtual” assets that need to be protected

The need to balance security with real-time collaboration and data access and sharing requirements

Additionally, the NIST technique utilizes a phased approach
to risk management that can act as a guide to other companies, helping them
take the needed steps to implement true, enterprise-wide risk management, such
as:

Defining and measuring existing risks

Prioritizing threats based on likelihood, extent of potential damage, and acceptability

Identifying those staff members who will be responsible for risk management, and outlining their roles

Selecting, purchasing, and deploying the needed tools

Configuring all systems, databases, and services for maximum protection

Setting, documenting and enforcing security monitoring procedures

Creating response processes to be executed in the event of a breach

Conducting ongoing auditing and analysis of current procedures, and continuous refinement as needed

And, because NIST created their recommendations to address broad, nationwide security requirements, as well as the needs of various individual federal agencies, they offer maximum flexibility. This is particularly important for large, global organizations that need to standardize their risk management activities, while allowing each department, office, or business unit to adjust techniques as needed to satisfy unique security requirements.

Risk management initiatives require a tremendous amount of time and resources. So, instead of starting from scratch, companies should look to NIST, and use their existing framework as the basis for their projects. This will accelerate the development and implementation of risk management strategies, while ensuring success through the use of proven techniques and methodologies.

As organizations begin to place a greater emphasis on the development and implementation of broad-reaching IT security strategies, they are receiving a rapidly increasing number of alerts from the various technologies and devices they have deployed. As a result, they are faced with the challenge of effectively managing, prioritizing, and responding to them.

Real-time correlation is an emerging technique that takes
the raw data generated by potential security events, and transforms it into
information that is easy to interpret, and more importantly – actionable.

Most security management tools and methodologies trigger alerts based on specific actions taken by system users. However, they don’t necessarily interpret what those activities mean, and whether or not they require an immediate investigation. That responsibility lies with systems administrators and others who oversee IT protection.

Additionally, the disparate activities that make up breaches – and the data that they generate – are often spread out over numerous applications and devices, making them more difficult to detect. Therefore, stakeholders must manually sift through multiple logs, and analyze the related event information to make sense of it all.

On the other hand, real-time correlation extends the capabilities of “point” systems, using a sophisticated algorithm that consolidates security data from various solutions, mines it for sequential patterns, and generates intelligence about the safety status of the entire network. It dynamically identifies vital trends in cryptic security event information, and leverages built-in rules to instantly translate those trends into something meaningful and useful. As a result, it can help detect and pinpoint the root cause of attacks in progress, and anticipate the next steps in multi-stage attacks.

What are the primary benefits of this approach? With
real-time correlation, companies can:

Obtain a more comprehensive and holistic security status across an entire infrastructure

Accelerate the discovery of security breaches in progress

Reduce the time to respond to attacks by more rapidly initiating countermeasures or launching investigations

More effectively identify and react to multi-phase or multi-prong attacks

Minimize the number of false positive alerts

As hackers and other cyber-criminals become smarter, and acquire the knowledge and skills needed to divert traditional security management solutions, the attacks they launch will become more sophisticated and harder to expose. Therefore, the need for real-time event correlation will become more and more critical in order for companies to mitigate all potential risks, and maintain full protection across their network from end to end.

July 20, 2008

Every day, security analysts and the other professionals responsible for infrastructure monitoring and protection receive a series of alerts from the various hardware and software components that make up their technology architecture. The key challenge lies in prioritizing these alerts, and determining which ones require immediate attention.

False positives, incidents where security alerts are triggered even though no breach event has actually occurred, are becoming more and more common. Many intrusion detection systems are designed to uncover even the slightest unauthorized activity, looking not just for actual intrusions, but for any possible intrusion. As a result, they are often configured in such a way that a high number of false positives are also generated in addition to valid alerts. These can cost companies a tremendous amount of time and money, and distract incident responders from those alerts that really do require further investigation.

However, industry experts recommend several ways to reduce the number of false positives. These suggestions include:

Fine-tuning systems

Many security systems are, by default, extremely sensitive. But, their configurations can often be easily adjusted, to allow for more rigid definition of the criteria and thresholds that will trigger an alert. Begin by reviewing past audit logs to identify those actions that most often result in false positives, and set system controls to ignore those activities.

Using intelligent event correlation

Many experts believe that the future of enterprise security monitoring lies in event correlation, the ability for systems to leverage human-type intelligence to more effectively weed out false positives. For example, multiple failed logins alone may not be enough to warrant a full-blown investigation. Many of the more advanced systems will be able to dynamically perform further analysis and gather additional evidence, such as determining which IP address the logins were attempted from, before triggering an alert.
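An added example (not part of the original posts) of the correlation described here and in the earlier post on real-time correlation: events from two sources are consolidated, failed logins are grouped by source IP in a sliding window, and an alert is raised only when a burst of failures is followed by a successful login from the same address. The log format, source names, window and threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs from two hypothetical sources (a VPN gateway and a
# mail server). The "timestamp source EVENT key=value ..." format is assumed.
VPN_LOG = """\
2008-07-20T09:00:01 vpn LOGIN_FAIL user=alice ip=203.0.113.7
2008-07-20T09:00:09 vpn LOGIN_FAIL user=bob ip=203.0.113.7
2008-07-20T09:00:15 vpn LOGIN_FAIL user=carol ip=203.0.113.7
2008-07-20T09:03:40 vpn LOGIN_FAIL user=dave ip=198.51.100.20
2008-07-20T09:30:00 vpn LOGIN_FAIL user=dave ip=198.51.100.20
"""

MAIL_LOG = """\
2008-07-20T09:00:05 mail LOGIN_FAIL user=alice ip=203.0.113.7
2008-07-20T09:00:20 mail LOGIN_FAIL user=bob ip=203.0.113.7
2008-07-20T09:01:10 mail LOGIN_OK user=bob ip=203.0.113.7
2008-07-20T09:31:00 mail LOGIN_OK user=dave ip=198.51.100.20
"""


def parse_line(line):
    """Split one log line into a dict with a parsed timestamp."""
    ts, source, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "event": event, **fields}


def load(*logs):
    """Consolidate any number of raw logs into one list of events."""
    return [parse_line(line) for log in logs
            for line in log.splitlines() if line.strip()]


def correlate(events, window=timedelta(minutes=5), threshold=5):
    """Alert when >= threshold failures from one IP, across all sources and
    inside the window, are followed by a successful login from that IP."""
    failures = defaultdict(deque)  # ip -> deque of (ts, user, source)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = failures[ev["ip"]]
        # Drop failures that have aged out of the sliding window.
        while recent and ev["ts"] - recent[0][0] > window:
            recent.popleft()
        if ev["event"] == "LOGIN_FAIL":
            recent.append((ev["ts"], ev["user"], ev["source"]))
        elif ev["event"] == "LOGIN_OK" and len(recent) >= threshold:
            alerts.append({
                "ip": ev["ip"],
                "user": ev["user"],
                "time": ev["ts"],
                "failures": len(recent),
                "users_tried": sorted({u for _, u, _ in recent}),
                "sources": sorted({s for _, _, s in recent}),
            })
            recent.clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for a in correlate(load(VPN_LOG, MAIL_LOG)):
        print(f"{a['time']} {a['ip']} logged in as {a['user']} after "
              f"{a['failures']} failures on {a['sources']} "
              f"against {a['users_tried']}")
```

Neither log reaches the threshold on its own; the burst only becomes visible once both sources are merged, and the user with two widely spaced failures before a success produces no alert.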

Applying visualization techniques

A study conducted by the Department of Computer Science at the University of Virginia suggests that – particularly in massive data sets – the textual relaying of suspicious activity data alone can create an unacceptable number of false positives. The report goes on to claim that by allowing system administrators and security analysts to visually analyze the same information using sophisticated graphics, it will be easier for them to identify the activity that represents low or no threat, and allow for faster detection of true malfunctions and breaches.

Conducting more in-depth training

While false alarms cannot be eliminated completely, they can be more rapidly dismissed. By training incident response teams to better tell the difference between a real alert and a false one, companies can avoid wasting precious staff time and incurring unnecessary expenditures.